Thursday, February 10, 2005

From the world of, "Is this really such a good idea?"

Windows XP and 2003 have a neat little utility called 'fsutil.exe'. According to MS, fsutil allows you to manage aspects of your file system. Neato!

So I'm over on O' today, and ran across the NTFS Performance Hacks on the Windows Dev Center. Tip #8, Disable Last Access Time, freaked me out a little bit. Well...okay...a lot.

You're probably asking yourself, "what's the big deal?" Well, if you want to increase the performance of your box, sure, make the recommended change. Will home users see a significant performance increase? Not likely. How about most users? Depending on their activities...again, not likely.

So let me ask you this...let's say that you have some data worth protecting. Now, would you rather get to it faster, or would you be okay with giving up a small amount of access time (network latency would probably consume more time), or would you like to have some evidence if something happened to that data?

I know what most of you are going to say...and you're right...there're other things you could do, and cases rarely hinge on a single piece of evidence. In most cases, there are multiple, supporting pieces of evidence. However, would you be willing to give that up? Particularly when you're looking at a live incident similar to what Robert Hensing many times do you see "last_access_time", for directories or files, in that blog entry? that really such a good idea?

No comments: